Skip to content
Sign In

Privacy Policy

Last updated: 16 October 2025

1. Introduction

This Privacy Policy explains how Aeterno Ltd ("we", "us", "our") collects, uses, and protects personal data when you use our website (aeternoai.com) and engage with our Model Asset platform services.

We are committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and the Data Protection Act 2018.

Data Controller Details:

  • Company: Aeterno Ltd
  • Company Number: Registered in England and Wales
  • Data Protection Contact: legal@aeternoai.com

2. Data We Collect

2.1 Information You Provide

When you contact us through our website or request a demonstration, we collect:

  • Full name
  • Business email address
  • Organisation name
  • Your message or enquiry details
  • Job title (if provided)

2.2 Automatically Collected Information

When you visit our website, we automatically collect:

  • IP address
  • Browser type and version
  • Operating system
  • Pages visited and time spent
  • Referring website
  • Date and time of access

2.3 Authentication Data

For authorised users of our platform:

  • Email address
  • Encrypted password
  • Account activity logs
  • Session information

2.4 Cookies and Similar Technologies

We use essential cookies for:

  • Session management (authentication tokens)
  • Security features

We may implement analytics cookies in future (with your consent) to understand website usage patterns.

3. How We Use Your Data

3.1 Purposes of Processing

We process your personal data for:

  • Business Communications: Responding to enquiries and demonstration requests
  • Service Provision: Delivering our Model Asset platform services
  • Platform Security: Maintaining secure authentication and preventing unauthorised access
  • Legal Compliance: Meeting our legal and regulatory obligations
  • Business Development: Understanding market needs and improving our services

3.2 Lawful Basis for Processing

We process your data based on:

  • Legitimate Interests: For B2B communications, responding to business enquiries, and maintaining platform security
  • Contract Performance: When providing services to your organisation
  • Consent: For optional marketing communications and non-essential cookies
  • Legal Obligations: Where required by law or regulation

4. Data Sharing and Transfers

4.1 Service Providers

We share data with trusted service providers who assist our operations:

  • Google Cloud Platform (infrastructure and data processing)
  • Email service providers
  • Professional advisers (legal, accounting)

All processors are contractually bound to protect your data in accordance with GDPR requirements.

4.2 International Transfers

Your data is primarily processed within the UK and European Economic Area (EEA). Any transfers outside these regions will be protected by:

  • Adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Other appropriate safeguards under GDPR

4.3 Other Disclosures

We may disclose your data when:

  • Required by law or court order
  • Necessary to protect our legal rights
  • Part of a business transaction (with appropriate confidentiality measures)

5. Data Retention

We retain personal data for:

  • Enquiry Data: 2 years from last communication (unless you become a customer)
  • Customer Data: Duration of business relationship plus 6 years for legal and tax purposes
  • Authentication Data: Duration of account validity plus 30 days
  • Website Analytics: 26 months (when implemented)

6. Your Rights

Under GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data (subject to legal obligations)
  • Restriction: Limit processing in certain circumstances
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Where processing is based on consent

To exercise these rights, contact us at legal@aeternoai.com. We will respond within one month of receipt.

7. Data Security

We implement appropriate technical and organisational measures to protect your data:

  • Encryption in transit (HTTPS) and at rest
  • Access controls and authentication systems
  • Regular security assessments
  • Staff training on data protection
  • Incident response procedures

While we strive to protect your data, no system is completely secure. We encourage you to safeguard your account credentials.

8. Children's Privacy

Our services are B2B focused and not directed at individuals under 18. We do not knowingly collect personal data from children.

9. Third-Party Links

Our website may contain links to third-party sites. We are not responsible for their privacy practices. Please review their privacy policies before providing personal data.

10. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be communicated via our website or email.

11. Complaints

If you have concerns about our data processing, you have the right to lodge a complaint with:

  • UK: Information Commissioner's Office (ico.org.uk)
  • EU: Your local data protection authority

We encourage you to contact us first at legal@aeternoai.com to resolve any concerns.

12. Contact Information

For any questions about this Privacy Policy or our data practices:

Email: legal@aeternoai.com

© 2020-2025 Aeterno Ltd. All rights reserved.